Burger King Grilled, Jeep Sideswiped During Twitter Hacks

Twitter followers of Burger King and Jeep were treated to rude tweets Monday and Tuesday, thanks to hacked social media accounts. Order was eventually restored, but not before questions could be asked about how brands should response to such mischief, and whether Twitter should take a second look at security practices.

By Enid Burns
02/19/13 4:51 PM PT

The Twitter accounts for fast-food chain Burger King and automaker Jeep were taken over by hackers this week, prompting calls for stronger authentication practices while forcing marketing professionals to once again confront the shadowy regions of social media.

Burger King was the first brand to report problems Monday; its gold crown logo was replaced with McDonald's' golden arches on its Twitter feed. Text on the page stated that McDonald's had acquired Burger King "because the Whopper flopped." Obscenities ensued as hacked tweets name-checked Chicago rapper Chief Keef and Wendy's customers, and advertised bath salts.

Burger King's Twitter account was suspended about an hour and fifteen minutes after evidence of the initial breach was discovered. It was several hours before the authentic company logo and tweets came back online. The offending tweets sent during the takeover were removed.

The company issued only one tweeted response after regaining control of its feed: "Interesting day here at BURGER KING, but we're back! Welcome to our new followers. Hope you all stick around!"

Jeep's Twitter feed was hacked Tuesday morning; the feed was replaced with a bio explaining that Jeep stands for "Just Empty Every Pocket," while claiming the company had been "Sold to Cadillac ... In a hood near you!" Tweets contained the hashtags #OpMadCow and #OpWhopper.

"Hacks happen. Naturally, when the victim is a top brand, the hack will generate a good amount of blog chatter and some mainstream media coverage," Greg Verdino, consultant at
Greg Verdino LLC told the E-Commerce Times. "But the downside will be negligible. It was pretty obvious early on that the rebranded profile and the profane tweets weren't coming from the company itself."

Moving Fast to Reclaim a Brand

Did Burger King react fast enough to apologize and explain the hack, or did it wait too long?

"I am surprised at how long it took for the account to come down. I have to imagine that minutes from when the hack occurred, they found out about it. I am very surprised at how long that account stayed up," Ian Schafer, founder and CEO of ad agency
Deep Focus told the E-Commerce Times.

An hour can seem like a long time for an account to remain in the hands of a hacker, but Verdino said the public doesn't know what was going on behind the scenes.

"I actually think Burger King's response was relatively swift and reasonably well done. The account was suspended within an hour or so of the attack, the stream has since been cleansed, and the brand's formal statement and 'we're back' tweet were suitably low-key," he said. "I don't think it would have benefited anyone to fan the flames or blow the incident out of proportion."

The Burger King Twitter feed was quiet since the company regained control. There was no mention or explanation on the brand's Facebook feed while the company was experiencing its Twitter hack; the Facebook page continued a marketing message offering 25-cent coffee Tuesday morning.

Burger King was simply getting back to business and didn't need to dwell on the hack, Verdino said. "Sometimes brands are so set on damage control that they draw more negative attention through their own efforts to prove they were on the case," he explained.

A Prank vs. a Damaging Hack

The Burger King hack appeared to be a simple prank, and did not highlight a particular issue or cause. The incident also drew attention to the brand; the hamburger chain picked up 30,000 Twitter followers.

"It's not drawing attention to anything like minimum wage or harmful contents in the meat," said Schafer. "If anything it made people realize that because of the McDonald's mention that there is a little bit of a rivalry, and drew attention to it."

As for the extra Twitter followers, Burger King likely won't keep some of those people.

"Those 30K new followers were likely marketing professionals, press, and people who like to watch train wrecks," said Schafer. Those followers are mostly "completely disinterested to what Burger King has to say, and will be leaving now that the show's over."

A few people responded to Burger King's tweet welcoming its new followers with negative comments.

Securing Against Future Hacks

The Twitter brand hacks are more security than marketing issues, Schafer said. The two incidents happening within 24 hours highlight the need for stronger authentication practices at Twitter. .

"What draws attention to this is the vulnerability of technology," he said. "Security is real, and the risks associated with it are real."

Two-step verification, also known as two-factor verification, could help address the problem, Schafer suggested. Two-factor verification uses two platforms to authenticate a user's ability to log into an account. It might include an initial password, but then the user will have to produce a one-time code sent in a text message or another form of messaging to verify the user is authorized. It is similar to the two forms of verification used to access a bank ATM machine -- a physical card and a PIN number.

"Once you commandeer a Twitter password, you can log into the account," he said.

Companies can also consider putting their social account security on the same priority level as customer information, payroll databases and website security, Jason Falls, vice president for digital strategy at
CafePress told the E-Commerce Times. "Social is not a one-off anymore. It's an integrated part of sophisticated business systems. Treat it as such."